CyberheistNews Vol 15 #21 I Got This Coinbase-Related Scam in My Personal Inbox Last Week

Stu Sjouwerman | May 28, 2025

I Got This Coinbase-Related Scam in My Personal Inbox Last Week

By Roger Grimes

Coinbase is one of the world's largest cryptocurrency exchange sites, listed on the NASDAQ. I've been a Coinbase member from the beginning, so this email got my attention. I was pretty skeptical from the start, and upon further exploration, it was definitely a scam.

The scam works by sending this email to a large number of people, and some percentage of recipients are likely to be Coinbase users (like me). The scam is to convince potential Coinbase victims that a hacker has somehow broken into their Coinbase account and added a new wallet address, which can then be used to steal the member's value stored with Coinbase.

In this scam's case, fake Coinbase tech support is claiming that someone else's public wallet address has been inserted into the Coinbase user's account as a place that can receive value from the involved user. If this were real, it would be a big deal, because it would mean the user's Coinbase account was somehow compromised, and a thief had inserted their wallet address as a place where they could transfer (i.e., steal) the user's Coinbase account value.

[CONTINUED] with screenshots and links at the KnowBe4 blog:
https://blog.knowbe4.com/beware-coinbase-scams

How KnowBe4’s AI Agents Reduce Your Security Risk

Phishing and social engineering remain the #1 cyber threat to your organization, with 68% of data breaches caused by human error. Your security team needs an easy way to deliver personalized training—this is precisely what our AI Defense Agents provide.

Join us for a demo showcasing KnowBe4's leading-edge approach to human risk management with agentic AI that delivers personalized, relevant and adaptive security awareness training with minimal admin effort.

See how easy it is to train and phish your users with KnowBe4's HRM+ platform:

  • SmartRisk Agent™ - Generate actionable data and metrics to help you lower your organization’s human risk score
  • Template Generator Agent - Create convincing phishing simulations, including Callback Phishing, that mimic real threats. The Recommended Landing Pages Agent then suggests appropriate landing pages based on AI-generated templates
  • Automated Training Agent - Automatically identify high-risk users and assign personalized training
  • Knowledge Refresher Agent and Policy Quizzes Agent - Reinforce your security program and organizational policies
  • Enhanced Executive Reports - Track user activities, visualize trends, download widgets, and improve searching/sorting to provide deeper insights and streamline collaboration

See how these powerful AI-driven features work together to dramatically reduce your organization's risk while saving your team valuable time.

Date/Time: Wednesday, June 4, @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/en-us/kmsat-demo-3?partnerref=CHN

Impersonating Meta, Powered by AppSheet: A Rising Phishing Campaign Exploits Trusted Platforms to Evade Detection

Since March 2025, the KnowBe4 Threat Labs team has observed a surge in phishing attacks that exploit Google's AppSheet platform to launch a highly targeted, sophisticated campaign impersonating social media platform giant Meta.

Utilizing state-of-the-art tactics such as polymorphic identifiers, advanced man‑in‑the‑middle proxy mechanisms and multi-factor authentication bypass techniques, the attackers aim to harvest credentials and two-factor authentication (2FA) codes, enabling real-time access to social media accounts.

The largest spike since March occurred on April 20, 2025, when 10.88% of all global phishing emails identified and neutralized by KnowBe4 Defend were sent from AppSheet. Of these, 98.23% impersonated Meta and the remaining 1.77% impersonated PayPal.

Phishing Campaign Overview

All attacks analyzed in this campaign were identified and neutralized by KnowBe4 Defend, with further investigation conducted by our Threat Labs team.

Attackers exploited AppSheet, a trusted Google-owned platform, and its workflow automation to deliver phishing emails at scale with hands-free distribution. These emails originated from noreply@appsheet.com, a legitimate domain, enabling them to bypass Microsoft and Secure Email Gateways (SEGs) that rely on domain reputation and authentication checks (SPF, DKIM, DMARC).

In addition to leveraging a legitimate domain, this campaign also impersonated Meta (Facebook), using forged branding and urgent language—such as warnings about account deletion—to pressure recipients into taking immediate action. The use of a trusted brand like Meta helps lower suspicion and increase user engagement, making the phishing emails and the subsequent credential harvesting site appear more credible.
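A triage check for the pattern described above, added here as an example and not taken from KnowBe4 or its products: it shows that a message can pass SPF, DKIM and DMARC for a relay platform's domain and still be flagged because its display name or subject names a brand the sending domain does not own. The platform list, the brand-to-domain table and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: platforms that send user-authored workflow mail from their own domain.
RELAY_PLATFORMS = {"appsheet.com"}
# Assumption: illustrative brand -> legitimate sending domains; maintain your own list.
BRAND_DOMAINS = {
    "meta": {"meta.com", "facebook.com", "facebookmail.com"},
    "facebook": {"meta.com", "facebook.com", "facebookmail.com"},
    "paypal": {"paypal.com"},
}

def registrable(domain):
    # Simplification: keep the last two labels; production code needs the Public Suffix List.
    return ".".join(domain.lower().rsplit(".", 2)[-2:])

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.
    Only trust headers stamped by your own gateway; strip inbound copies upstream."""
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            found.setdefault(method.lower(), result.lower())
    return found

def triage(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = registrable(addr.rpartition("@")[2])
    auth = auth_results(msg)
    authenticated = all(auth.get(m) == "pass" for m in ("spf", "dkim", "dmarc"))
    # Brand names in the display name or subject that the sending domain does not own.
    text = f"{display} {msg.get('Subject', '')}".lower()
    brands = sorted(b for b, owned in BRAND_DOMAINS.items()
                    if re.search(rf"\b{re.escape(b)}\b", text) and sender not in owned)
    if brands and sender in RELAY_PLATFORMS:
        verdict = "quarantine"  # authenticated platform mail carrying another brand
    elif brands:
        verdict = "review"      # brand mismatch from an unlisted sender
    else:
        verdict = "deliver"
    return {"sender": sender, "authenticated": authenticated,
            "brands": brands, "verdict": verdict}

# Constructed sample messages; every one of them passes all three checks.
AUTH = ("Authentication-Results: mx.example.net; spf=pass smtp.mailfrom={d}; "
        "dkim=pass header.d={d}; dmarc=pass header.from={d}\n")

def sample(display, addr, subject):
    d = addr.rpartition("@")[2]
    return (AUTH.format(d=d) + f'From: "{display}" <{addr}>\n'
            f"Subject: {subject}\n\nConstructed body.\n")

PHISH = sample("Meta Support", "noreply@appsheet.com",
               "Your Facebook page is scheduled for deletion")
BENIGN = sample("AppSheet", "noreply@appsheet.com",
                "Your weekly inventory report is ready")
GENUINE = sample("Facebook", "security@facebookmail.com", "New login to your account")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN), ("genuine", GENUINE)):
        print(name, triage(raw))
```

All three samples authenticate cleanly, so the verdict turns only on the mismatch between the named brand and the sending domain.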

[CONTINUED] with screenshots and links at the KnowBe4 blog:
https://blog.knowbe4.com/impersonating-meta-powered-by-appsheet-a-rising-phishing-campaign-exploits-trusted-platforms-to-evade-detection

Next Gen AI Human Risk Management Powered by KnowBe4

When it comes to AI and human risk management (HRM), not all AI is created equal. You need an approach that strengthens your security posture, integrates seamlessly with your existing processes and operates as an extension of your team. Ninety-two percent of polymorphic phishing attacks now weaponize AI technology against organizations like yours to achieve unprecedented scale and effectiveness.

KnowBe4 has been leading the way in AI for almost a decade, and we're not slowing down.

Our HRM platform, HRM+, delivers clear, measurable value to your organization:

  • Superior Training Data: Our AI agents are trained on over a decade of real-world behavioral data from 13+ million users across 70,000+ organizations worldwide, making the data relevant and personalized for your organization
  • Battle-Tested AI: Not a demo toy, it's production-ready and delivering measurable outcomes. You could see upwards of 83% reduction in Phish-prone™ Percentage within 12 months
  • Risk-Based Intelligence: All our AI decisions are based on reducing the Risk Score of your users through our SmartRisk Agent™
  • Human-AI Collaboration: The best AI works with human intelligence. Our AI works as an extension of your team and follows your guidelines and configurability to make the decisions on behalf of your organization

Immediately manage and mitigate human risk more effectively with agentic AI security awareness training to stay ahead of evolving threats.

Learn more about how agentic AI can transform your security awareness training.
https://blog.knowbe4.com/knowbe4-leads-charge-against-cybersecurity-threats-with-ai-capabilities

The Ransomware Threat: Still Alive and Kicking

By Javvad Malik

Many organizations, after a period of relative quiet, might believe the ransomware bubble has burst. The headlines may have shifted, and other emerging cyber threats might seem to dominate the news cycle, but recent data from Marsh's 2024 UK cyber insurance claims report suggests otherwise.

It paints a stark picture of an ongoing and evolving threat landscape. While claims decreased by 20% compared to 2023, they remained significantly higher than in previous years. This serves as a critical reminder that cybersecurity threats, particularly ransomware, continue to pose a serious risk to businesses across various sectors, regardless of size or industry.

The persistence of ransomware attacks underscores the critical need for organizations to remain vigilant and proactive in their cybersecurity efforts. Simply believing that the threat has subsided is a mistake.

Implementing robust controls, such as secure and regularly tested backups, advanced threat detection systems and comprehensive incident response plans that are periodically reviewed and updated, is essential in mitigating the impact of potential breaches. These measures are not just checkboxes to tick, but rather integral components of a layered security approach.

One crucial aspect that often gets overlooked is the human element in cybersecurity. Social engineering tactics remain a primary vector for initiating breaches. Cybercriminals are adept at exploiting humans, leveraging trust, curiosity, fear and other heightened emotions to gain unauthorized access. This highlights the importance of focusing on employee awareness and training.

By educating employees about the latest threats, providing simulated phishing tests and fostering a culture of security consciousness, organizations can significantly reduce their vulnerability to cyberattacks. Security awareness training should not be a one-off event, but rather an ongoing process that adapts to the evolving threat landscape.

The Marsh report also reveals an interesting trend: fewer organizations are choosing to pay ransoms. This shift is attributed to a variety of factors, including improved backup systems, quicker threat detection and containment that minimizes damage and a changing perception of the reputational impact of ransomware attacks.

[CONTINUED] with links at the KnowBe4 blog:
https://blog.knowbe4.com/the-ransomware-threat-still-alive-and-kicking

Identify Weak User Passwords In Your Organization With the Newly Enhanced Weak Password Test

Cybercriminals never stop looking for ways to hack into your network, but if your users' passwords can be guessed, they've made the bad actors' jobs that much easier.

Verizon's Data Breach Investigations Report showed that 81% of hacking-related breaches use either stolen or weak passwords.

The Weak Password Test (WPT) is a free tool to help IT administrators know which users have passwords that are easily guessed or susceptible to brute force attacks, allowing them to take action toward protecting their organization.

Weak Password Test checks the Active Directory for several types of weak password-related threats and generates a report of users with weak passwords.

Here's how Weak Password Test works:

  • Connects to Active Directory to retrieve password table
  • Tests against 10 types of weak password related threats
  • Displays which users failed and why
  • Does not display or store the actual passwords
  • Just download, install and run. Results in a few minutes!

Don't let weak passwords be the downfall of your network security. Take advantage of KnowBe4's Weak Password Test and gain invaluable insights into the strength of your password protocols.

Download Now:
https://info.knowbe4.com/weak-password-test-chn

Why Palo Alto Networks Believes Defenders Must Rethink AI Before It's Too Late

As generative AI fuels a surge in phishing, deepfakes and adversarial malware, Palo Alto Networks' Chief Security Officer for EMEA and LATAM, Haider Pasha, shares how CISOs can stay ahead—with the right tools, strategies and mindset.

In November 2022, AI broke out of the lab and into the mainstream. What was once limited to coders and researchers became accessible to anyone with a browser. Almost instantly, generative AI unleashed a wave of innovation—and exploitation.

By mid-2023, WormGPT surfaced: a generative AI tool designed for cybercriminals. Trained on hacking data and stripped of ethical safeguards, it was followed by FraudGPT, marketed on the Dark Web as an all-in-one toolkit for phishing, malware and identity fraud.

These tools can now craft convincing phishing emails, generate undetectable malware and guide users through bypassing Two-Factor Authentication—all for under $100 per month.

No coding skills. No broken English. Just AI-enabled cybercrime, faster, cheaper and at scale.

Faced with this escalating threat, the role of defenders is undergoing radical transformation. Palo Alto Networks' Pasha believes the only way forward is through strategic consolidation, automation and a fundamental shift in how cybersecurity is understood.

"This is no longer a tools issue—it's a mindset issue," Pasha said in a recent conversation as part of the CXO Vision Series. He went on to discuss what AI means for both attackers and defenders: "Cybersecurity can't be managed with 80 siloed tools. Defenders need unified, AI-powered platforms that think and act faster than the threats they're facing."

He explained that most people believe AI benefits attackers more than defenders; however, he disagrees. He believes this could be the case if we change how we approach security.

[CONTINUED] at IntelligentCISO:
https://www.intelligentciso.com/2025/05/23/why-palo-alto-networks-believes-defenders-must-rethink-ai-before-its-too-late/


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and Exec Chair
KnowBe4, Inc.

PS: [BUDGET AMMO] Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn't Enough:
https://www.securityweek.com/taming-the-hacker-storm-why-millions-in-cybersecurity-spending-isnt-enough/

PPS: "The Revenge of the Junior Developer." An "AI" must-read. A riot and worth it:
https://sourcegraph.com/blog/revenge-of-the-junior-developer/

Quotes of the Week  
"Our greatest weakness lies in giving up. The most certain way to succeed is always to try just one more time."
- Thomas A. Edison - Inventor (1847 - 1931)

"Success is not the absence of obstacles, but the courage to push through them."
- Helen Keller, Author and Activist (1880–1968)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-21-i-got-this-coinbase-related-scam-in-my-personal-inbox-last-week

Security News

Phishing Campaign Targets International Students in the U.S.

The FBI has issued an alert on a wave of phishing attacks targeting Middle Eastern students who are studying in the U.S.

The campaign has targeted students from the United Arab Emirates (UAE), Saudi Arabia, Qatar and Jordan. The scammers impersonate government officials and claim there is an issue with the student's visa.

"Scammers contact foreign students lawfully studying in the United States, or who are in the process of coming to the United States and impersonate government or immigration officials claiming the student is out of status for violations of F-1 student visa requirements or otherwise facing immigration issues," the FBI says.

"Victims are threatened with prosecution or deportation and asked to pay an unknown entity or bank account to process immigration paperwork, pay university registration fees, or pay a legal fee."

The criminals pose as officials from various U.S. agencies, including the Department of Homeland Security (DHS), Homeland Security Investigations (HSI) or US Citizenship and Immigration Services (USCIS). They've also impersonated government officials from the students' home countries.

"Scammers may spoof the phone number of government agencies, foreign embassies, or universities," the FBI says. "They may speak professionally and use the accents and/or language matching the purported location of the callers."

The Bureau concludes that students should hang up and contact the impersonated agency directly.

"Beware of unsolicited communication from someone purporting to be from the government, especially by phone," the FBI writes. "Verify you are speaking with a government official by hanging up and contacting the office through a third-party obtained number (e.g. web search for legitimate contact info, then asking for the agent or department you were speaking with)."

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links here:
https://blog.knowbe4.com/phishing-campaign-targets-international-students-in-the-us

Threat Actors Are Using AI-Generated Audio to Impersonate U.S. Officials

The FBI is warning that threat actors are impersonating senior U.S. officials in phishing attacks designed to compromise users' accounts. Notably, the attackers are using AI-generated audio to convincingly spoof the voices of real people.

"The malicious actors have sent text messages and AI-generated voice messages, techniques known as smishing and vishing, respectively, that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI says.

"One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform. Access to personal or official accounts operated by US officials could be used to target other government officials, or their associates and contacts, by using trusted contact information they obtain.

"Contact information acquired through social engineering schemes could also be used to impersonate contacts to elicit information or funds."

If you're unsure whether a message is legitimate, the FBI recommends contacting the impersonated agency or individual through a separate channel, rather than responding to an unsolicited message. Additionally, the Bureau offers the following advice to help users identify AI-assisted social engineering attacks:

  • "Carefully examine the email address; messaging contact information, including phone numbers; URLs; and spelling used in any correspondence or communications. Scammers often use slight differences to deceive you and gain your trust. For instance, actors can incorporate publicly available photographs in text messages, use minor alterations in names and contact information, or use AI-generated voices to masquerade as a known contact.
  • Look for subtle imperfections in images and videos, such as distorted hands or feet, unrealistic facial features, indistinct or irregular faces, unrealistic accessories such as glasses or jewelry, inaccurate shadows, watermarks, voice call lag time, voice matching, and unnatural movements.
  • Listen closely to the tone and word choice to distinguish between a legitimate phone call or voice message from a known contact and AI-generated voice cloning, as they can sound nearly identical.
  • AI-generated content has advanced to the point that it is often difficult to identify. When in doubt about the authenticity of someone wishing to communicate with you, contact your relevant security officials or the FBI for help."

KnowBe4 enables your workforce to make smarter security decisions every day.
The FBI has the story:
https://www.ic3.gov/PSA/2025/PSA250515

What KnowBe4 Customers Say

"Good morning, I wanted to take a few moments to let you know how amazing Jimmy has been in getting me up to speed on the KB4 platform. No matter how trivial a request is, Jimmy meets it with optimism and enthusiasm. He returns all emails in a timely manner and creates an environment in which I truly view him as an asset to my growth and development.

"I ran into an issue with an ongoing campaign today and Jimmy scheduled time (within minutes) via Zoom to address my questions. I truly view this as "white glove service." I have worked with different LMS customer success managers and Jimmy far exceeds my previous experiences. Protect Jimmy at all costs."

- O.M., Security Training and Awareness Lead

The 10 Interesting News Items This Week
  1. Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms:
    https://therecord.media/western-intelligence-alert-russia-hackers-logistics-fancy-bear-apt28

  2. SEC SIM-swapper who Googled 'signs that the FBI is after you' put behind bars:
    https://www.theregister.com/2025/05/19/sim_swapper_sec_x_account/

  3. Uncensored AI Tool Raises Cybersecurity Alarms:
    https://www.infosecurity-magazine.com/news/uncensored-ai-tool-cybersecurity/

  4. Lumma infostealer malware operation disrupted, 2,300 domains seized:
    https://www.microsoft.com/en-us/security/blog/2025/05/21/lumma-stealer-breaking-down-the-delivery-techniques-and-capabilities-of-a-prolific-infostealer/

  5. Russian hacker group Killnet returns with new identity:
    https://therecord.media/russian-hacker-group-killnet-returns-with-new-identity

  6. TikTok Videos Promise Pirated Apps, Deliver Vidar and StealC Infostealers Instead:
    https://www.trendmicro.com/en_us/research/25/e/tiktok-videos-infostealers.html

  7. US indicts leader of Qakbot botnet linked to ransomware attacks:
    https://www.bleepingcomputer.com/news/security/us-indicts-leader-of-qakbot-botnet-linked-to-ransomware-attacks/

  8. Widespread phishing campaign incorporates leaked data to target French users:
    https://www.ibm.com/think/x-force/spear-fishing-campaign-targets-users-in-france

  9. 3AM ransomware spreads via email bombing and phony IT support calls:
    https://news.sophos.com/en-us/2025/05/20/a-familiar-playbook-with-a-twist-3am-ransomware-actors-dropped-virtual-machine-with-vishing-and-quick-assist/

  10. Fake Cloudflare verification page attempts to trick users into downloading malware:
    https://blog.sucuri.net/2025/05/another-fake-cloudflare-verification-targets-wordpress-sites.html
